US12413594B2ActiveUtilityA1
System and method for outlier and anomaly detection in identity management artificial intelligence systems using cluster based analysis of network identity graphs
Est. expiryNov 27, 2038(~12.4 yrs left)· nominal 20-yr term from priority
H04L 63/104G06F 16/9024G06F 21/577G06F 21/552G06F 21/316G06F 21/45H04L 63/102H04L 63/105H04L 63/1425G06Q 10/00
80
PatentIndex Score
0
Cited by
19
References
21
Claims
Abstract
Systems and methods for artificial intelligence systems for identity management systems are disclosed. Embodiments may perform outlier detection and risk assessment based on identity management data, including one or more property graphs or peer groups determined from those property graphs, to determine identity management artifacts with ‘abnormal’ patterns when compared to other related identity management artifacts.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. An identity management system for risk assessment using graphs, comprising:
a memory;
a processor device;
a non-transitory, computer-readable storage medium including instructions executable by the processor device for:
accessing identity management data obtained from one or more source systems;
evaluating the accessed identity management data to determine a set of identity management artifacts associated with a set of identities and at least one entitlement in association with the one or more source systems;
generating a first identity management graph from the identity management data, the first identity management graph comprising nodes for identity management artifacts edges between those nodes, and weights for the edges based on data associated with nodes joined by those edges in accordance with the associated set of identifies or at least one entitlement;
analyzing the first identity management graph or the identity management data to identify an anomaly;
identifying an identity management artifact associated with the identified anomaly as a high risk identity management artifact;
presenting the identified high risk identity management artifact through a user interface of the identity management system to manage vulnerabilities associated with the set of identities or at least one entitlement.
2. The system of claim 1 , wherein the analysis of the first identity graph is based on a second identity graph associated with the set of identity management artifacts.
3. The system of claim 2 , wherein the first identity graph is associated with a first time and the second identity graph is associated with a second time.
4. The system of claim 3 , wherein the second time is previous to the first time or subsequent to the first time.
5. The system of claim 1 , wherein the anomaly is identified based on a degree of connectivity or in-betweenness of a node in the first identity management graph associated with the identified identity management artifact.
6. The system of claim 1 , wherein the identified identity management artifact is an identity, entitlement, or role.
7. The system of claim 1 , wherein the anomaly is an outlier with respect to the first identity management graph.
8. A method for risk at assessment using graphs, comprising:
accessing identity management data obtained from one or more source systems;
evaluating the accessed identity management data to determine a set of identity management artifacts associated with a set of identities and at least one entitlement in association with the one or more source systems;
generating a first identity management graph from the identity management data, the first identity management graph comprising nodes for identity management artifacts edges between those nodes, and weights for the edges based on data associated with nodes joined by those edges in accordance with the associated set of identities or at least one entitlement;
analyzing the first identity management graph or the identity management data to identify an anomaly;
identifying an identity management artifact associated with the identified anomaly as a high risk identity management artifact;
presenting the identified high risk identity management artifact through a user interface of the identity management system to manage vulnerability associated with the set of identities or at least one entitlement.
9. The method of claim 8 , wherein the analysis of the first identity graph is based on a second identity graph associated with the set of identity management artifacts.
10. The method of claim 9 , wherein the first identity graph is associated with a first time and the second identity graph is associated with a second time.
11. The method of claim 10 , wherein the second time is previous to the first time or subsequent to the first time.
12. The method of claim 8 , wherein the anomaly is identified based on a degree of connectivity or in-betweenness of a node in the first identity management graph associated with the identified identity management artifact.
13. The method of claim 8 , wherein the identified identity management artifact is an identity, entitlement, or role.
14. The method of claim 8 , wherein the anomaly is an outlier with respect to the first identity management graph.
15. A non-transitory computer storage readable medium, comprising instructions of risk assessment using graphs for:
accessing identity management data obtained form one or more source systems;
evaluating the accessed identity management data to determine a set of identity management artifacts associated with a set of identities and at least one entitlement in association with the one or more source systems;
generating a first identity management graph from the identity management data, the first identity management graph comprising nodes for identity management artifacts edges between those nodes, and weights for the edges based on data associated with nodes joined by those edges in accordance with the associated set of identities or at least one entitlement;
analyzing the first identity management graph or the identity management data to identify an anomaly;
identifying an identity management artifact associated with the identified anomaly as a high risk identity management artifact;
presenting the identified high risk identity management artifact through a user interface of the identity management system to manage vulnerabilities associated with the set of identities or at least one entitlement.
16. The non-transitory computer readable medium of claim 15 , wherein the analysis of the first identity graph is based on a second identity graph associated with the set of identity management artifacts.
17. The non-transitory computer readable medium of claim 16 , wherein the first identity graph is associated with a first time and the second identity graph is associated with a second time.
18. The non-transitory computer readable medium of claim 17 , wherein the second time is previous to the first time or subsequent to the first time.
19. The non-transitory computer readable medium of claim 15 , wherein the anomaly is identified based on a degree of connectivity or in-betweenness of a node in the first identity management graph associated with the identified identity management artifact.
20. The non-transitory computer readable medium of claim 15 , wherein the identified identity management artifact is an identity, entitlement, or role.
21. The non-transitory computer readable medium of claim 15 , wherein the anomaly is an outlier with respect to the first identity management graph.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.